The present application relates to interfaces to portable electronic modules, and more particularly to architectures which add functionality into a rigidly predefined interface.
Detachable memory modules have become extremely important since the 1990s, and have taken over many of the robust portability niches which were previously satisfied by removable disks or by special backup media. Such modules typically include a block of memory (typically flash), plus a controller which operates I/O and control functions. As these memory modules have become more popular, their capacities have of course increased, and cost per bit has decreased. However, development has also led in at least two other important directions: First, an interface to such modules has also been designed into many portable electronics systems other than computers as such. (Examples of such systems include cameras and video recorders, cell phones, personal digital assistant devices (PDAs), music and video players, and hybrids of these.) Second, higher level functionality has been designed into some memory modules, to provide functions (e.g. related to data security and protection) which go beyond simple read and write.
Several physical layer protocols have been used for such modules, including MMC, SD (and variations and descendants thereof), CF, Memory Stick, and USB among others. Many such protocols are designed for very robust operation, since detachable modules may be inserted or removed unpredictably. One of the features which assures robust operation is rigorous timeout rules. For example, the SD card physical layer specification explicitly requires that the read timeout for a standard capacity SD card must be no longer than 100 ms, and the write timeout no longer than 250 ms. (These requirements help to assure that the system does not “hang” or get stuck while a card access is in progress.) If the host does not get any response within the given timeout, it is supposed to assume that the card is not going to respond and try to recover (e.g. reset the card, power cycle, reject, etc.). (See SD Specifications Part 1, Physical Layer Simplified Specification Version 2.00, at sections 4.6, 4.6.1, and 4.6.2. This entire document is hereby incorporated by reference.)
However, the timeout rules, which have helped to assure robust operation, can themselves cause difficulties as more functionality is designed into the module. Specifically, the read and write timeout requirements mean that a complicated data processing operation, such as a security validation, may not complete before a desired read or write operation times out.
The maximum timeout values are not necessarily easy to change. For example, the interface protocol rules may have been hard-wired into an FPGA or ASIC on the host side. This is a problem for introduction of advanced modules, since constraints hard-wired into legacy hardware cannot be avoided.
When a bus timeout occurs, the host initiates either a power cycle, a recovery process, a write abort or a power shutdown, which results in the operation in the card being aborted. However, problems arise when legitimate read/write operations time out. This can occur when the card is performing operations that take more time to complete than the timeout period allows. Thus, existing portions of the given architecture prevent forward migration to more complex operations.
A particular area of pressure on removable memory development is in digital content protection. Extensive efforts have been devoted to allowing convenient sale, transport and use of copyrighted content, without allowing the copyrighted material to be freely distributed by users. One milestone in this direction was the Secure Digital Music Initiative (SDMI), which was launched by an industry forum of over 180 companies and organizations representing information technology, consumer electronics, security technology, content owners, and Internet service providers involved in protecting the security of digital music. Another milestone was UDAC-MB (Universal Distribution with Access Control-Media Base), a protection technology that delivers content to a Content Protection Secure MultiMediaCard, or other media, providing a convenient and legal way for users to create, replay and exchange copies of the content. This technology is based on a method for independent delivery of a license key and encrypted content. UDAC-MB was generally followed by the Keitaide-Music (KdM) standard.
Another important step in content protection is the TrustedFlash™ architecture, which was announced in 2005 by SanDisk Corporation. TrustedFlash allows consumers to buy premium music, movies and games on flash memory cards for use interchangeably in mobile phones, laptop computers, PDAs and other portable devices. Music producers and movie studios will be able to release premium content on TrustedFlash products because it provides the superior security and digital rights management solutions that are required by these providers. Consumers will be able to download premium content from online digital music services through their mobile phone or PC.
In the TrustedFlash technology, the card itself acts as the manager of digital rights, thus giving consumers the freedom to transfer the card—and its content—to other supported devices without compromising its content protection system. TrustedFlash cards also function as regular cards in non-secure host devices.
TrustedFlash cards are highly secure, thanks to an on-board processor, a high-performance cryptographic engine and tamper-resistant technology that are designed to provide a much higher level of security than has previously existed on memory cards and on most consumer electronics devices. Cards built on the TrustedFlash platform will provide full digital rights management capabilities, supporting industry security standards, including both symmetric and asymmetric algorithms.
TrustedFlash is also expected to extend to mobile commerce applications and secure online financial transactions, such as credit card payments, mass-transit access and one-time password authentication.
Architectures for content protection will tend to require cryptographic algorithms, for content validation and for node validation, and/or restrictions on file access (e.g. for private key files), and/or file management overhead procedures which keep track of when a file has been “checked out” to a portable medium. All of this adds to processing overhead. In such systems, this means that data exchange with a portable data module becomes much more complicated than simple read or write operations.
To implement advanced content-protection features, the data module should be able to hold and maintain a sophisticated high-integrity database. In such a database architecture, full integrity-checking may be necessary with EVERY access. Since cryptographic computations are typically needed for the integrity checks, the overhead to operate such a database can be severe. Thus a read or write to such an advanced memory module is only superficially simple, and substantial computing may have to be completed, on the card side of the interface, for each such access. This added overhead can cause problems with the fixed timeouts.
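The interaction between per-access integrity checking and the fixed host timeouts can be made concrete with a small model. The following is an added illustration, not code from the application or from any SD or TrustedFlash implementation: the SecureCard class, the HMAC-over-whole-database check, and the throughput and flash latency figures are assumptions chosen for the example; only the 100 ms and 250 ms limits come from the text above.

```python
import hashlib
import hmac

READ_TIMEOUT_MS, WRITE_TIMEOUT_MS = 100, 250  # SD limits quoted in the text
HASH_BYTES_PER_MS = 2048  # assumption: card-side HMAC throughput
FLASH_ACCESS_MS = 5       # assumption: raw flash access latency

class SecureCard:
    """Hypothetical card that re-verifies a MAC over its whole database per access."""

    def __init__(self, key, records):
        self.key, self.records = key, list(records)
        self.tag = self._mac()

    def _mac(self):
        mac = hmac.new(self.key, digestmod=hashlib.sha256)
        for rec in self.records:
            mac.update(len(rec).to_bytes(4, "big") + rec)  # length-prefixed record
        return mac.digest()

    def _mac_ms(self):
        # Simulated time for one MAC pass over the current database contents.
        return sum(4 + len(r) for r in self.records) / HASH_BYTES_PER_MS

    def service_ms(self, op):
        """Run the integrity check, then return the simulated time the access needs."""
        if not hmac.compare_digest(self._mac(), self.tag):
            raise ValueError("database integrity check failed")
        passes = 2 if op == "write" else 1  # a write also re-seals the database
        return passes * self._mac_ms() + FLASH_ACCESS_MS

    def commit_write(self, index, data):
        self.records[index] = data
        self.tag = self._mac()

def host_access(card, op, index, data=None):
    """Legacy host: fixed timeout; an access that overruns is aborted, not completed."""
    limit = READ_TIMEOUT_MS if op == "read" else WRITE_TIMEOUT_MS
    needed = card.service_ms(op)
    if needed > limit:
        return "timeout", None, needed  # host would reset or power cycle the card
    if op == "write":
        card.commit_write(index, data)
    return "ok", (card.records[index] if op == "read" else None), needed

def demo():
    """Constructed sample databases: same record size, different record counts."""
    small = SecureCard(b"constructed-key", [b"r" * 60] * 100)   # 6,400 bytes MACed
    large = SecureCard(b"constructed-key", [b"r" * 60] * 4000)  # 256,000 bytes MACed
    return [host_access(c, op, 0, b"w" * 60)[0::2]
            for c in (small, large) for op in ("read", "write")]
```

Under these assumed figures the same legitimate read and write succeed on the small database and are aborted on the large one, although nothing is wrong with the card or its data.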
Much more information on content protection and mobile data interfacing can be found on the following websites, all of which (in their versions as of the filing date of the present application) are hereby incorporated by reference: http://www.keitaide-music.org/; http://www.mmca.org/technology/; http://www.sdcard.org/; http://sdmi.org/.
Additional information on security applications can be found in U.S. application Ser. No. 11/557,028 filed on Nov. 6, 2006, and in other materials cited therein, all of which are hereby incorporated by reference.